Wednesday, July 23, 2008

'Drive-By Download' Attacks Menace UK.gov

The number of drive-by download attacks has tripled and they are beginning to affect government websites as well as small business operations.

Malicious downloads from compromised websites have replaced infected email attachments as the favourite tactic of malware authors. During the first half of 2008, web security firm Sophos detected 16,173 malicious webpages every day – or one every five seconds. The rate at which infected websites spring up is three times faster than during 2007.

Nine in 10 of these infected webpages are on legitimate websites. Hackers exploit site vulnerabilities, typically through SQL injection attacks, to plant malicious scripts on vulnerable targets. These scripts then serve up malware onto the machines of surfers by exploiting browser security holes.